WO2002097543A1 - Unite securisee, systeme de commande, procede de concatenation de dispositifs de commande, procede de commande de systeme de commande, et procede de surveillance de systeme de commande - Google Patents

Unite securisee, systeme de commande, procede de concatenation de dispositifs de commande, procede de commande de systeme de commande, et procede de surveillance de systeme de commande Download PDF

Info

Publication number
WO2002097543A1
WO2002097543A1 PCT/JP2002/005390 JP0205390W WO02097543A1 WO 2002097543 A1 WO2002097543 A1 WO 2002097543A1 JP 0205390 W JP0205390 W JP 0205390W WO 02097543 A1 WO02097543 A1 WO 02097543A1
Authority
WO
WIPO (PCT)
Prior art keywords
safety
unit
controller
cpu
bus
Prior art date
Application number
PCT/JP2002/005390
Other languages
English (en)
Japanese (ja)
Inventor
Yasuo Muneta
Toshiyuki Nakamura
Teruyuki Nakayama
Original Assignee
Omron Corporation
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Omron Corporation filed Critical Omron Corporation
Priority to DE60225443T priority Critical patent/DE60225443T2/de
Priority to EP02730857A priority patent/EP1396772B1/fr
Priority to JP2003500660A priority patent/JP3997988B2/ja
Priority to US10/478,515 priority patent/US7430451B2/en
Publication of WO2002097543A1 publication Critical patent/WO2002097543A1/fr
Priority to US12/188,783 priority patent/US7813813B2/en

Links

Classifications

    • GPHYSICS
    • G05CONTROLLING; REGULATING
    • G05BCONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
    • G05B19/00Programme-control systems
    • G05B19/02Programme-control systems electric
    • G05B19/04Programme control other than numerical control, i.e. in sequence controllers or logic controllers
    • G05B19/05Programmable logic controllers, e.g. simulating logic interconnections of signals according to ladder diagrams or function charts
    • G05B19/058Safety, monitoring
    • GPHYSICS
    • G05CONTROLLING; REGULATING
    • G05BCONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
    • G05B2219/00Program-control systems
    • G05B2219/10Plc systems
    • G05B2219/14Plc safety
    • G05B2219/14012Safety integrity level, safety integrated systems, SIL, SIS
    • GPHYSICS
    • G05CONTROLLING; REGULATING
    • G05BCONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
    • G05B2219/00Program-control systems
    • G05B2219/20Pc systems
    • G05B2219/25Pc structure of the system
    • G05B2219/25012Two different bus systems

Definitions

  • the present invention relates to a safety unit and a controller system, a method for connecting a controller, a method for controlling a controller system, and a method for monitoring a controller system.
  • PLCs Programmable controllers
  • FA factory automation
  • PLCs Programmable controllers
  • a logical operation is performed in accordance with the written sequence program (user program), and based on the result of the operation, ON / OFF information is output to the relay output connected to the PLC, or the valve factory is operated.
  • Control is performed by outputting a drive / stop information signal to an output device such as a printer.
  • Such PLC control is performed by repeating so-called cyclic processing.
  • connection form of the PLC to the input device and the output device may be connected to the terminal of the PLC or the terminal of the I / O unit, or may be connected via a network.
  • transmission / reception of the ON / OFF information is performed via the network.
  • information is normally transmitted in a master-slave system in which the PLC side is the master and the device side is the slave.
  • This master-slave method is also called a remote IZO method, and uses a communication master unit attached to a PLC and a communication slave unit connected to the communication master unit via a network line. Then, a plurality of input devices or output devices are connected to the terminals of the communication slave unit.
  • Communication between master and slave is serial communication transmission at a predetermined cycle Done in
  • the master makes a data request to the slave, and the slave receives the request and returns the ONZOFF information (I / O information) of each input or output device connected to the slave as a serial signal.
  • the master controls the communication right of the network, and the slave performs transmission processing toward the network according to the control of the communication right.
  • the communication between the master and the slave may be performed in synchronization with the cyclic processing of the PLC or may be performed asynchronously.
  • the exchange of information between the CPU and the master of the PLC may be performed by I / O refresh processing of the PLC or by peripheral processing.
  • multiple slaves can connect to one master and communicate with each other.
  • PLC-based control is also intended for applications where safety requirements are high, such as robot machines, presses, and cutting machines.
  • safety systems and safety net systems are being introduced in order to prevent robot arms from coming into contact with the human body and causing personal injury due to control system abnormalities or failures.
  • it is composed of a PLC as a control system element, each device itself, and a network that incorporates safety functions.
  • the “safety function” refers to a function that confirms safety and performs output.
  • the “safety system” duplicates the CPU and other processing units, for example, and detects a mismatch between the two and determines that the processing unit is abnormal.
  • safety functions are not always required for the entire system.
  • a safety system will be used, so it is not possible to include devices without safety functions.
  • safety PLCs and safety devices will be used in places where safety functions are not required.
  • Devices with safety functions are more expensive than ordinary devices, and therefore increase the cost of the entire system.
  • the present invention realizes a controller in a state where a safety system and a non-safety system are mixed well, and the safety system and the non-safety system have common parts that can be treated as common processing.
  • the purpose of this safety function is to provide a safety unit and a controller system that can be guaranteed, a method of connecting the controllers, a method of controlling the controller system, and a method of monitoring the controller system. Disclosure of the invention
  • the safety unit has a CPU unit. It can be connected to a non-safety controller configured by connecting multiple non-safety units including a safety unit, and executes safety function processing. Further, it has a CPU bus for linking to the CPU unit and a dedicated safety bus for linking to another safety unit.
  • a safety unit which can be connected to a non-safety controller configured by connecting a plurality of non-safety units including a CPU unit, in order to cooperate with the CPU unit. And a processing unit that executes safety function processing, and data may be transmitted and received between the CPU unit and the CPU unit via the CPU bus.
  • the safety unit includes, for example, a safety controller, a safety bus master, safety 1/0, and a combination of these functions.
  • the safety bus corresponds to the safety bus 11 in the embodiment.
  • the “safety bus” is a bus for transmitting and receiving information (data) for realizing the safety function processing, and only the safety unit is connected.
  • a closed world can be built within the security unit, it may be used to send and receive other non-safety information. It is only necessary to be able to access directly from the non-secure unit.
  • the ⁇ safety function '' is a so-called fail-safe function that stops control when an error occurs in the control of a controller or a communication error, and copes with output by stopping the controller.
  • This function keeps devices and control devices in a safe state. Also, the control itself does not run away.
  • An example of the case where control stop is necessary is that if the CPU of the controller and other processing units are duplicated and the inconsistency of the rain is detected, an abnormality has occurred in the network for some reason If the emergency stop switch of the mechanical system is pressed, a danger condition such as detection of the entry of a person (part of the body) into the danger area by a multi-optical axis photoelectric sensor such as a light force sensor is detected.
  • the safety function ensures that the machine system to be controlled is operated in a safe state, or in addition to the operation, is stopped in a safe state, or the machine is activated by failsafe.
  • a dedicated safety bus is provided, so that the reliability of the safety system can be ensured. You. In other words, even if the non-safety unit and the safety unit that make up the non-safety system are connected and the non-safety system and the safety system are mixed, at least the data for processing the safety functions is used for safety. Reliability can be obtained by using a dedicated bus.
  • a safety system configuration management information storage unit for storing safety system configuration management information, and to have a master function for managing and collating all safety units.
  • the master function is realized by the MPU 12 of the safety unit 1d. This safety Interview Stevenage DOO force?, The master for the management of transmission and reception of data between the safety Yuni' preparative in the case of connecting a plurality safety Yuni' bets.
  • It is preferable to provide a setting unit for setting whether or not a safety unit (master) that controls a safety system is a main safety unit among a plurality of safety units.
  • the setting means corresponds to the user interface 21 in the embodiment. By providing the setting means in this way, the user can easily set which safety unit is the master, and can easily confirm it later.
  • a tool interface is provided, and a function is provided for acquiring information held in the other safety unit or the non-safety unit via the CPU bus in accordance with a request from a connected tool. Can be.
  • controller system of the present invention can be configured by connecting the safety unit of each of the above-mentioned inventions to a non-safety controller configured by connecting a plurality of non-safety units including a CPU unit. .
  • the CPU unit It is preferable that the data can be read out overnight via the CPU bus regardless of the safety unit or the non-safety unit.
  • the CPU unit can use the safety unit and the non-safety unit via the CPU bus. Data can be read from all units regardless of
  • the safety unit can read data from the non-safe unit via the CPU unit.
  • each of a plurality of safety units constituting the safety controller is connected by a dedicated safety bus, and information is exchanged between the safety units.
  • the CPU bus is branched to each safety unit (so-called multi-drop).
  • the CPU bus is extended and connected to the safety controller.
  • the non-safety controller's CPU unit and the safety unit exchange data overnight and exchange information via the CPU bus.
  • the non-safety controller and the safety controller are configured as a controller system, and the CPU bus of the non-safety controller is extended to and connected to the CPU unit of the safety controller.
  • a safety bus other than the safety controller CPU unit may be connected via the CPU bus.
  • I / O information is input by the non-safety controller.
  • I / O information is passed to each safety unit via a dedicated safety bus This controls the controller system.
  • the CPU bus is connected to another safety unit, and the IZ0 information and other information of the devices connected to that unit are directly sent from the safety unit without going through the safety CPU unit.
  • the I / O information stored in the unit may be fetched.
  • the safety controller takes in the IZO information for the non-safety controller and uses it for control, the safety function cannot be guaranteed, so the information under the control of the non-safety controller should not be taken in. I have. This may be such that the safety unit (CPU unit or each unit) refuses to input control information from the non-safety unit (controller, CPU unit).
  • the non-safety unit may not output control information to the safety unit. That is, the non-safety controller may prohibit transmission of control information and IZ0 information to the safety related unit based on the configuration management information.
  • a tool is connected to a CPU unit of the non-safety controller, and the CPU of the non-safety controller is connected to the non-safety controller.
  • the CPU unit performs the processing according to the request, acquires the information held in the safety controller, and transmits the acquired information to the external tool.
  • non-safety-related control information can be transmitted to an external tool as well.
  • the tool receives the transmitted information, displays the information on the attached monitor screen, and records the transmitted information. In this way, it is possible to monitor the control information / controller status using a common tool for the non-safety system and the safety system.
  • the present invention has a method of setting both the non-safety controller and the safety controller using a common tool. It has a non-safety controller and a safety controller, and extends the CPU bus of the non-safety controller to the safety controller.
  • a tool interface is provided in the CPU unit of the non-safety controller, a tool is connected to the interface, and the CPU unit of the non-safety controller performs processing according to instructions from the tool.
  • a tool is connected to the CPU unit of the safety controller, the safety CPU unit performs processing in accordance with a request from the connected tool, and is held by the non-safety controller via the CPU bus.
  • Information is acquired, and the acquired information is transmitted to an external tool via the tool interface of the safety CPU unit.
  • the safety CPU unit processes according to the request from the connected tool, acquires the information held in the safety controller or the safety unit, and sends it to the tool.
  • a tool is connected to the CPU unit of the safety controller, and the cpU unit of the safety controller processes the command according to an instruction from the tool, so that the CPU is processed via the CPU bus.
  • the specified settings are made for the non-safety controller.
  • a predetermined setting may be made to the safety controller or the safety unit via the CPU bus or the dedicated safety bus by processing by the CPU unit of the safety controller.
  • FIG. 1 is a diagram showing a preferred embodiment of a secure network system according to the present invention.
  • FIG. 2 is a diagram showing a main part of a preferred embodiment of a controller (PLC) according to the present invention.
  • PLC controller
  • FIG. 3 is a diagram showing an example of the data structure of the configuration management information storage unit 16.
  • FIG. 4 is a diagram showing an example of the data structure of the safety-related configuration management information storage unit 25.
  • FIG. 5 is a diagram showing an example of the data structure of the 1 ⁇ information storage unit 22.
  • FIG. 6 is a diagram showing an example of the data structure of the IZO information storage unit 23.
  • Figure 7 is a flowchart explaining the functions of the MPU of CPU unit 1a.
  • FIG. 8 is a flow chart for explaining the function of the MPU of the safety unit 1d, which is the master of the safety system.
  • FIG. 9 is a flowchart illustrating the operation of the MPU of the CPU unit to collect information held by the safety unit.
  • FIG. 10 is a flowchart illustrating the operation of the safety unit MPU to collect the information held by the CP unit.
  • FIG. 11 is a part of a flowchart illustrating an operation in which the MPU of the safety master unit, which is a master of the safety system, collects information held by another safety unit.
  • Fig. 12 is a part of a flowchart explaining how the MPU of the safety master unit, which is the master of the safety system, collects information held by other safety units.
  • FIG. 1 shows an example of a network system to which the present invention is applied
  • FIG. 2 shows an example of the internal structure of a controller pLC1.
  • the LC 1 of this embodiment is a unit (non-safety unit) for constructing a non-safety network system without safety functions unlike the past, and a function for constructing a safety network system. It is formed by connecting units (safety unit) with
  • the non-safety unit 1a is a so-called CPU unit
  • 1b is an I / O unit
  • 1c is a communication master unit
  • a non-safety network 3 is connected to the communication master unit 1c, and various devices 2 such as input devices and output devices are connected to the network 3.
  • the device 2 performs serial communication with the communication master unit 1c, and is called a slave unit.
  • the CPU unit 1a performs so-called cyclic processing.
  • Cyclic processing is processing that repeatedly performs I / II refresh processing, user program execution processing, and peripheral processing.
  • the I / 0 refresh process is a process of taking the ON / OFF information of the input device into the memory of the CPU of the PLC and a process of outputting the result of the execution of the user program in the previous cycle to the output device as a signal. is there.
  • the input / output device is connected to I / O unit 1b or device 2.
  • the user program execution process is a process of performing a calculation based on input information from an input device in light of conditions of the user program.
  • Peripheral processing is processing that communicates over a network line connected to a PLC. Communication partners include tools, host computer terminals, and remote 1-node slaves.
  • the safety unit 1d is equivalent to a CPU unit that can control the units 1d to lf having a safety function, and in addition to performing the cyclic processing similarly to the CPU unit 1a. , It is configured to realize the safety function. Further, a safety network 7 is connected to the safety unit 1d, and a safety device 6 is connected to the safety network 7. Specific examples of the safety device 6 include an input device or an output device such as a light curtain sensor, a safety switch, and a safety use actuator. When the safety unit 1d has a communication master function, the safety device 6 may be equivalent to a slave unit or an IZO terminal, and a remote I / O can be constructed using a safety network.
  • the safety device 6 is connected to a plurality of input devices, output devices or input / output devices, and exchanges I / O information with the master by serial communication.
  • the safety unit 1e is equivalent to a safety I / O unit, and can directly connect a safety device (input device or output device) without going through a network. O Captures input signals and outputs output signals at the timing of refresh processing.
  • the safety unit 1f functions as one of the safety units, and includes, for example, a high-performance safety unit, a safety analog unit, and a safety motion control unit. Then, as shown in the figure, CPU bus 10 spans all units 1a to 1f. Are provided.
  • the CPU bus 10 is a communication bus line that enables data transmission and reception between each unit.
  • Control of data transmission and reception on the CPU bus 10 is managed by the non-safety CPU unit 1a. That is, the arbiter control for transferring the bus right is performed by the CPU unit 1a. Further, the safety units 1d to 1f are provided with another dedicated safety bus 11 independent of the CPU bus 10 and are connected to each other by the bus. . The transmission and reception of safety data between the safety units 1d to 1f are performed via the dedicated safety bus 11. The control of the bus right of the dedicated safety bus 11 cannot be performed from the CPU unit 1a, but is performed by any one of the safety units 1d to 1f. Note that one of the units may have a bus master function.
  • a series of PLCs when it is desired to exchange data of a non-safety unit with data of a safe unit, mutual communication can be performed using the CPU bus 10.
  • the I / O information of the safety unit 1d is passed to the CPU unit 1a
  • various setting information of the safety unit group of the safety unit 1d is passed to the CPU unit 1a.
  • various setting information can be passed from the CPU unit 1a to the safety units 1d to 1f. It is better not to pass the I / O information of the CPU unit 1a to the safety unit. This is because if I 0 information that does not have a safety function is mixed into a safety device, the safety function may not be able to be secured on the safety device side.
  • safety-related data for which we want to ensure safety functions can be communicated in a closed world using the dedicated safety bus 1'1.
  • data transmission / reception for implementing the safety function can be reliably performed within the safety unit 1d to 1f, and the safety function such as fail-safe can be reliably realized.
  • a series of PLCs has a configuration in which the safety system and the non-safety system coexist and also have an independent relationship with each other.
  • tool 5 can be connected to PLC 1 so that user programs can be created or edited with tool 5 and downloaded to PLC 1 or stored in PLC 1. It can collect information on network systems stored.
  • the collected information also includes PLC configuration management information, I / O information (control status of each contact, etc.), I / O information of each unit, status of each input contact, status of output contact, CPU unit I / O data of I / O unit, buffer memory information of I0 unit, etc., setting information of each unit (initial setting information, node number, communication setting of communication unit, etc.), safety information (I / O of safety unit) O information, operating time information for each unit, life span information, error history information, etc.), configuration management information for each unit, and so on.
  • I / O information control status of each contact, etc.
  • I / O information of each unit status of each input contact, status of output contact
  • setting information of each unit initial setting
  • the non-safety unit 1a is a CPU unit 1a in the present embodiment, and controls a non-safety system, that is, executes a user program created by a ladder or the like, or becomes a master of the CPU bus 10 or the like. Manage the overall configuration of PLC 1. As described above, the CPU unit 1a performs so-called cyclic processing, and repeatedly performs I / O refresh processing, user program execution processing, and peripheral processing.
  • the MPU 12 reads the system program stored in the system ROM 13 and further reads the user program stored in the user program storage unit 15 and uses the memory area (I / O information storage area) of the system RAM 14. Use as appropriate. Further, it has a configuration management information storage unit 16 in which information (configuration management information) on all units constituting the PLC 1 is stored, and manages the entire configuration based on the stored configuration management information.
  • the data structure of the configuration management information storage unit 16 is, for example, a table associating slots No, ID, 'product model, and serial number, as shown in FIG. The slot number is a number sequentially assigned to each connected unit, and the ID is information for specifying the type.
  • this slot N 0 is assigned to all units 1 a to 1 f irrespective of the safety system or the non-safety system.
  • This configuration management information is used when various items are set from the tool 5 to each of the units 1a to 1f.
  • the MPU 12 which is connected to the tool interface 17 via the internal bus,
  • the CPU 5 is linked to the CPU bus 10 via the interface 8 so that the tool 5 can transmit and receive signals to and from the units 1 b to 1 1.
  • the unit to be set is specified by the slot number (equivalent to the unit number) on the tool 5 side, the setting information of the specified unit is input on the tool 5 side, and the setting information is sent to the specified unit. Download. This download reaches each unit via the tool 5, tool interface 17, MPU 12, interface 18, and CPU bus 10.
  • the non-safety units 1b and 1c execute non-safety functions.
  • the MPU 12 is connected to the CPU bus 10 via the interface 18, and transmits and receives data to and from the CPU unit 1a. .
  • the MPU 12 accesses the system ROM 13 and the system R AMI 4 and executes predetermined processing for realizing the functions of each unit.
  • the non-safety unit 1b is a non-safety I / O unit having a 1/0 interface 19, and a predetermined I / O device is directly connected to this I / O interface.
  • the non-safety unit 1 c is a non-safety communication unit having the communication interface 20. Accordingly, the communication interface 20 of the non-safety unit 1c (communication unit) is connected to the network 3, and the non-safety network system is connected together with the device 2 connected to the non-safety network 3.
  • This non-safety network system is a PLC network system that has been generally used in the past. Although it is called “non-safety system", its contents are conventionally known. In some cases, the equipment is already installed.
  • the safety units 1 d to 1 f perform the safety function and are connected to the safety dedicated bus 11.
  • the dedicated safety bus 11 is connected to only the safety units 1d to 1f and is suitable for implementing the safety function, and is provided independently of the conventional CPU bus 10. Further, the safety units 1d to 1f are also connected to the CPU bus 10 so that necessary data can be transmitted to and received from the non-safety unit via the CPU bus 10.
  • the MPU 12 and the system R0M13 storing the program for executing the MPU 12 and the programs for executing the functions are also used in each of the safety units 1d to 1f to execute the operation.
  • System RAM14 System RAM14.
  • Each MPU 12 is connected to the CPU bus 10 via the interface 18 and to the dedicated safety bus 11 via the safety interface 24.
  • one of the safety units 1d to 1f becomes a master of the dedicated safety bus 11 (reference numeral 1d in the example in the figure), and is stored in the safety-related configuration management information storage unit 25. Stores configuration management information for units 1d to 1f.
  • Safety system configuration information storage 2
  • the data structure of 5, for example, is as shown in FIG.
  • the types of information to be stored are the same (slot No, ID, product type, serial] Sio), but the configuration management information storage in FIG.
  • the configuration management information for all units is stored in Part 16
  • the safety system configuration management information shown in the figure is only for the safety units 1 d to 1 f configuring the safety system. Is different.
  • the slot No. (safety slot N 0.) Is re-allocated. That is, in the safety unit 1d, the slot No. is "4" and the safety slot No is "1".
  • safety units 1e and 1f have slots No. 5 and 6, respectively, and safety slot N0 has 2 and 2, respectively.
  • the safety unit 1d is provided with a tool interface 17 and a communication interface 20, and can be connected to the tool 5 and the safety network 7 via these interfaces. Also, by performing serial communication with the safety device 6 connected to the safety network 7, the I / O information of each safety device 6 is acquired and stored in the IZ0 information storage unit 22. .
  • the data structure of the IZ0 information storage unit 22 is as shown in FIG. In other words, the safety unit 1d is equivalent to the communication master unit of the remote IZ0, and the safety device 6 operates as the communication slave, so that the device at a remote location via the safety network can be used.
  • the safety device 6 itself may be an input device or an output device, and each device may have an interface means for directly outputting to the network 7.
  • one of the safety devices 6 force s, intended to the connection multiple input or output device may be a so-called Surebuyuni' preparative Ya terminal Interview two DOO .
  • I / O information of a plurality of devices is converted into parallel Z serial data and transmitted or received to the network.
  • the safety unit 1d is provided with a user interface 21.
  • the user interface 21 includes various switches and performs various settings. For example, it is used to set whether or not it is a master unit.
  • the safety unit 1d is a master of the safety system and also constitutes a communication unit. However, these units may be divided into separate units as a matter of course.
  • the MPU 12 has a bus 10 and a dedicated safety bus 11, and the MPU 12 is connected to each of the buses 10 and 11 via an interface 18 and a safety interface 24. Further, the safety unit 1e constitutes an I / O unit. That is, the I / O interface 19 is provided, and the safety information of the IZO safety equipment connected to the I / O interface 19 is acquired and stored in the I / O information storage unit 23.
  • An example of a data structure in the I / O information storage unit 23 is as shown in FIG.
  • the MPU 12 performs transmission / reception of data with these safety devices, storage in the IZO information storage unit 23, and other processing while accessing the system ROM 13 and the system RAM 14.
  • the function of the MPU 12 provided in the CPU unit 1a to be the non-safety master will be described.
  • the configuration management information and the actual unit are checked to determine whether they match (ST2). That is, it is determined whether or not each unit (safety system, non-safety system) connected to the CPU bus 10 is correctly connected. If they do not match, a configuration error occurs and operation stops (ST3, ST4).
  • the system waits for an operation start command (ST5). That is, first, the CPU bus is refreshed (ST6). This is called an I / O refresh, and is stored in the system RAM 1 of the CPU unit 1a and the system RAM 14 of the other units 1b and 1c (1d to 1f as necessary). This is the process of rewriting existing I / O data and updating to the latest I / O data. And this I Execute the user program based on the latest input data obtained by the / 0 refresh processing (ST 7). The execution result is written to the system RAM 14 as the latest output data. The execution result is sent to other units as output data at the next I / O refresh processing.
  • I ZO information of reading about the good force s also a safety system is also in the non-safety system, with the writing so that can not be against the safety system.
  • the safety I / O information may be used as necessary.
  • the IZO information of which safety unit is connected to which safety device is used based on the configuration management information.
  • the I / O assignment is to associate the I / O information area in the system RAM 14 with the preceding safety device.
  • the MPU 12 of the CPU unit 1a acquires I / O information of the safety device of the specific safety unit via the CPU bus 10 via the CPU bus 10.
  • the safety unit 1 d ' the safety unit 1 d '
  • the IZO information of each safety unit stored in the system RAMI 4 or the data stored in the IZO information storage unit 23 of the device on the network is transferred to the CPU unit 1
  • the I / O information may be obtained from the safety units 1 e and 1.
  • step 12 the answer is Yes in step 12, and the process proceeds to step 13, which recognizes the safety bus master, checks the safety system configuration management information and the actual unit configuration, and determines whether or not they match ( ST 14). That is, it is determined whether or not each safety unit 1 d to 1 mm connected to the safety bus 11 is correctly connected. If they do not match, a configuration error occurs and operation stops (ST23, ST24).
  • This safety function processing is executed based on the latest input data obtained by the I / 0 refresh processing (ST16).
  • This safety function processing is the execution of a user program in the safety master 1d, which processes a predetermined logical operation according to the input information, and obtains the operation result as output information for operating the safety device. Refers to processing. Thereafter, it is determined whether there is a processing request of the tool 5 via the CPU bus 10 or from the tool interface of the safety unit 1d (ST17). If there is no request, the process returns to the refresh process of step 15 and the normal cyclic process is repeated.
  • the tool processing as a peripheral processing is executed, and then the processing proceeds to step 15 Return Perform normal cyclic processing.
  • tool processing for example, In some cases, the status of all equipment or the entire safety device is monitored.
  • the I / O information in the system RAMI 4 of the safety master 1d may be made rewritable via the tool, but in that case, it is necessary to manage the password.
  • tool processing performed via the CPU bus 10 is limited to a monitor or the like, and it is preferable that safety device information and control information relating to safety devices cannot be rewritten. The reason for this is that the safety function cannot be ensured if information is taken in from non-secure routes in the safety function processing and the taken information is used for safety purposes.
  • the data exchange of the safety system will be described.
  • Data transmission / reception is performed between the units 1 d to l f via the dedicated safety bus 11.
  • data transmission is duplicated.
  • the transmitting safety unit transmits the same data twice to the dedicated safety bus 11, and the data is transmitted on the condition that the two data received by the receiving safety unit match. You may want to enable capture.
  • the transmitting safety unit transmits the actual data information and the processed signal (for example, a digitally inverted signal) to the dedicated safety bus 11 in one frame.
  • the received data may be regarded as valid on condition of a match.
  • FIG. 9 shows a processing procedure for reading information held by the safety unit from the pool 5 connected to the CPU unit 1a.
  • the information to be read here includes the safety system configuration information stored in the safety system configuration management information storage unit 25 and the I / O information storage unit 22 from the safety unit 1 d that is the safety system master.
  • the IZO information is stored in the I / O information storage unit 23 from the safety unit 1e, which is a safety-related I / O unit.
  • the tool 5 issues a read request (ST 30).
  • the MPU 12 of the CPU unit 1a waits for a request from the tool 5 (ST31).
  • the request is received via the tool interface 17, the content of the request is analyzed and read out.
  • a read request is issued to the safety unit holding the data (ST32). This read request is made via the CPU bus 10.
  • the safety unit MPU 12 also waits for a request sent via the CPU bus 10 (ST33), and upon receiving the request, manages its own information (data) via the internal bus. B & C, data D) is read, and the read information (data B & C, data D) is transmitted via the CPU bus 10 to the MPU 12 of the CPU unit 1a (ST34).
  • the MPU 12 of the CPU unit 1a Upon receiving a response from the requesting safety unit, the MPU 12 of the CPU unit 1a transmits the received data (B & C, D) to the tool 5 via the internal bus-tool interface 17. (ST 35) o This allows Tool 5 to receive the data (B & C, D) (ST 36), and displays the received data on the monitor of Tool 5 (ST 37) o
  • the data held by the safety unit of the safety system can be collected from the non-safe system unit 1a.
  • the conventional tool 5 connected to the CPU Yuni' preparative 1 a similar, of course can monitor data C PU Yuni' preparative 1 a's ⁇
  • the tool 5 issues a read request (ST40).
  • the MPU 12 of the safety unit 1d waits for a request from the tool 5 (ST41), and receives the request (specifying the data to be read) via the tool interface 17 to receive the request.
  • the contents are analyzed and a read request is made to CPU unit 1a (ST42). This read request is made via the CPU bus 10.
  • the MPU 12 of the CPU unit 1a also waits for a request sent via the CPU bus 10 (ST43).
  • the MPU 12 analyzes the request and holds the request. If it is determined that the request is a read request for the configuration management information (data A), the self-managed information (data A) is read via the internal bus. The message is sent to the MPU 12 of the safety unit 1d (ST44).
  • the MPU 12 of the safety unit 1d Upon receiving a response from the requesting CPU unit 1a, the MPU 12 of the safety unit 1d sends the received data to the tool 5 via the internal bus-tool interface 17 (ST45).
  • the tool 5 can receive the information (data A) (ST46), and displays the received data on the monitor of the tool 5 (ST47).
  • the data held by the non-safety CPU unit can be collected from the safety unit 1d, which is the safety system.
  • the tool 5 connected to the conventional manner secure Yuni' preparative 1 d it is needless to say can be monitored data B & C held by the safety Yuni' preparative 1 d force s.
  • the tool 5 issues a read request (ST50).
  • the MPU 12 of the safety unit 1d waits for a request from the tool 5 (ST51), and upon receiving the request via the tool interface 17, issues a read request to the CPU unit 1a. (ST 52). While this read request is made via the CPU bus 10, the MPU 12 of the CPU unit 1 a also waits for a request sent via the CPU bus 10 (ST 53), and receives the request.
  • the request is analyzed, and if it is determined that the read request is for the I / O information (data D) held by the safety unit 1 e of the unit No. 5, the safety unit via the CPU bus 10 is determined.
  • Request data D to 1e (ST 54)
  • the MPU 12 of the safety unit 1e is connected to the CPU unit 1a described above. As in the case of reading from the tool, it waits for a request sent via the CPU bus 10 (ST 55). When the request is accepted, it manages its own information via the internal bus. The CPU then reads and transmits the read information (data D) via the CPU bus 10 to the MPU 12 of the CPU unit 1a (ST56). It should be noted that the go-between and to the MPU 1 2 of safety Yuni' door 1 e, the request original tool somewhere is not related, received a request from the CPU unit 1 a, it performs a process of returning the necessary data It is.
  • the MPU 12 of the CPU unit 1 a transmits the data D received via the CPU bus 10 to the MPU 12 of the safety unit 1 d which issued the original read request via the CPU bus 10. (ST 58).
  • the MPU 12 of the safety unit 1d Upon receiving the response from the CPU unit 1a, the MPU 12 of the safety unit 1d sends the received data to the pool 5 via the internal bus-tool interface 17 (ST 59). . This allows the tool 5 to receive the information (data D) (ST 60), and displays the received data on the monitor of the tool 5 (ST 61).
  • the MPU 12 of the safety unit 1d can also obtain the data D from the safety unit 1e via the dedicated safety bus 11 directly.
  • data can be transmitted and received between the units via the CPU bus 10, and the dedicated safety bus 11 is dedicated to transmitting and receiving information for the safety processing function. It is preferable because it can be used.
  • the safety units 1d to 1mm can be managed as advanced functions of the conventional PLC.
  • the conventional non-safety PLC since it can be integrated with the conventional non-safety PLC, only one device, such as a power supply unit, can be used in common, thus saving space.
  • a safety system can be easily added to an environment where a non-safety PLC is already used.
  • non-safety units 1a to 1c and the safety units 1d to 1mm and connecting them by bus they are electrically and mechanically connected and integrated, so that distribution is reduced. It becomes a line.
  • having a dedicated safety bus not only optimizes (fast) safety and non-safety processing, but also provides a dedicated safety bus. Thus, the reliability of the safety system can be ensured. Therefore, a safety system can be constructed relatively inexpensively.
  • a CPU bus 10 that can control the PLC CPU (MPU 12 of CPU unit 1a) is provided in all safety units 1d to 1f, so that MPU 1 of CPU unit 1a is provided. 2, the data can be read from all units via the CPU bus, regardless of whether they are safety units or non-safety units.
  • the safety unit can read the data of the non-safety unit via the CPU unit.
  • the CPU bus and the safety bus are provided, and the safety bus can be accessed only by the safety unit, thereby realizing a controller in which the safety system and the non-safety system are mixed. Can be.
  • data transmission and reception between the safety system and the non-safety system can be easily performed using the CPU bus.
  • the integration saves space.

Abstract

Selon l'invention, un dispositif de commande non sécurisé constitué d'une pluralité d'unités concaténées (1b, 1c) comprenant une unité centrale (UC) (1a), est concaténé par des unités sécurisées (1d à 1f) réalisant un traitement de fonctionnement de sécurité. Les unités sécurisées comprennent un bus UC (10) destiné à la connexion avec l'UC, et un bus de sécurité (11) destiné à la connexion entre les unités sécurisées. Comme le bus de sécurité est séparé du système non sécurisé, il est possible de garantir un fonctionnement de sécurité fiable. L'UC peut lire des données issues des unités sécurisées et des unités non sécurisées via le bus UC.
PCT/JP2002/005390 2001-05-31 2002-05-31 Unite securisee, systeme de commande, procede de concatenation de dispositifs de commande, procede de commande de systeme de commande, et procede de surveillance de systeme de commande WO2002097543A1 (fr)

Priority Applications (5)

Application Number Priority Date Filing Date Title
DE60225443T DE60225443T2 (de) 2001-05-31 2002-05-31 Sicherheitseinheit, steuerungsverkettungsverfahren, steuerungssystemsteuerverfahren und steuerungssystemüberwachungsverfahren
EP02730857A EP1396772B1 (fr) 2001-05-31 2002-05-31 Unite securisee, systeme de commande, procede de concatenation de dispositifs de commande, procede de commande de systeme de commande, et procede de surveillance de systeme de commande
JP2003500660A JP3997988B2 (ja) 2001-05-31 2002-05-31 安全ユニット及びコントローラシステム並びにコントローラの連結方法及びコントローラシステムの制御方法
US10/478,515 US7430451B2 (en) 2001-05-31 2002-05-31 Safety unit, controller system, connection method of controllers, control method of the controller system and monitor method of the controller system
US12/188,783 US7813813B2 (en) 2001-05-31 2008-08-08 Safety unit, controller system, connection method of controllers, control method of the controller system and monitor method of the controller system

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2001164565 2001-05-31
JP2001-164565 2001-05-31

Related Child Applications (2)

Application Number Title Priority Date Filing Date
US10478515 A-371-Of-International 2002-05-31
US12/188,783 Division US7813813B2 (en) 2001-05-31 2008-08-08 Safety unit, controller system, connection method of controllers, control method of the controller system and monitor method of the controller system

Publications (1)

Publication Number Publication Date
WO2002097543A1 true WO2002097543A1 (fr) 2002-12-05

Family

ID=19007375

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2002/005390 WO2002097543A1 (fr) 2001-05-31 2002-05-31 Unite securisee, systeme de commande, procede de concatenation de dispositifs de commande, procede de commande de systeme de commande, et procede de surveillance de systeme de commande

Country Status (5)

Country Link
US (2) US7430451B2 (fr)
EP (1) EP1396772B1 (fr)
JP (1) JP3997988B2 (fr)
DE (1) DE60225443T2 (fr)
WO (1) WO2002097543A1 (fr)

Cited By (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2004234655A (ja) * 2003-01-28 2004-08-19 Fisher Rosemount Syst Inc プロセス制御システムおよび安全システムを備えるプロセスプラントにおける統合型診断
JP2004234658A (ja) * 2003-01-28 2004-08-19 Fisher Rosemount Syst Inc プロセス制御システムおよび安全システムを備えるプロセスプラントにおける統合型コンフィギュレーション
JPWO2003001306A1 (ja) * 2001-06-22 2004-10-14 オムロン株式会社 安全ネットワークシステム及び安全スレーブ並びに安全コントローラ
EP1493960A2 (fr) * 2003-06-30 2005-01-05 Keyence Corporation Système de relais de sécurité
WO2006011584A1 (fr) * 2004-07-29 2006-02-02 Jtekt Corporation Courant porteur en ligne (cpl) sécurisé, logiciel d’assistance à la création de programme de séquences, et procédé de détermination de programme de séquences
EP1496411A3 (fr) * 2003-07-08 2006-08-02 Omron Corporation Commande de sécurité et système l' utilisant
JP2007172256A (ja) * 2005-12-21 2007-07-05 Yokogawa Electric Corp 統合制御システム
JP2007533045A (ja) * 2004-04-19 2007-11-15 ベックホフ オートメーション ゲーエムベーハー 安全性指向の制御システム
JP2008077687A (ja) * 2003-01-28 2008-04-03 Fisher Rosemount Syst Inc 安全システム
JP2011008642A (ja) * 2009-06-26 2011-01-13 Fuji Electric Holdings Co Ltd 安全装置および電力変換器
US11424865B2 (en) 2020-12-10 2022-08-23 Fisher-Rosemount Systems, Inc. Variable-level integrity checks for communications in process control environments
DE102004003569B4 (de) 2003-01-28 2023-03-30 Fisher-Rosemount Systems, Inc. Prozessanlage, Sicherungssystem zur Verwendung in einer Prozessanlage und Verfahren zum Durchführen von Sicherungsprozeduren in einer Prozessanlage

Families Citing this family (38)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7369902B2 (en) * 2001-05-31 2008-05-06 Omron Corporation Slave units and network system as well as slave unit processing method and device information collecting method
EP1396963B1 (fr) * 2001-05-31 2010-01-27 Omron Corporation Systeme reseau de securite, esclaves de securite, controleur de securite, procede de communication, procede de collecte d'information et procede de surveillance dans un reseau de securite
EP1396772B1 (fr) * 2001-05-31 2008-03-05 Omron Corporation Unite securisee, systeme de commande, procede de concatenation de dispositifs de commande, procede de commande de systeme de commande, et procede de surveillance de systeme de commande
WO2003001307A1 (fr) * 2001-06-22 2003-01-03 Omron Corporation Systeme de reseau de securite, esclave de securite, et procede de communication
WO2003001749A1 (fr) * 2001-06-22 2003-01-03 Omron Corporation Systeme de reseau securise et esclave securise
JP3988559B2 (ja) * 2002-07-18 2007-10-10 オムロン株式会社 通信システム、通信装置及び通信制御方法
US7865251B2 (en) 2003-01-28 2011-01-04 Fisher-Rosemount Systems, Inc. Method for intercontroller communications in a safety instrumented system or a process control system
WO2005003972A2 (fr) * 2003-06-24 2005-01-13 Robert Bosch Gmbh Procede pour verifier la securite et la fiabilite de systemes electroniques a base de logiciels
DE10353950C5 (de) * 2003-11-18 2013-10-24 Phoenix Contact Gmbh & Co. Kg Steuerungssystem
US8055814B2 (en) * 2005-03-18 2011-11-08 Rockwell Automation Technologies, Inc. Universal safety I/O module
JP4619231B2 (ja) * 2005-07-29 2011-01-26 株式会社ジェイテクト 安全plc
DE102007050708B4 (de) * 2007-10-22 2009-08-06 Phoenix Contact Gmbh & Co. Kg System zum Betreiben wenigstens eines nicht-sicherheitskritischen und wenigstens eines sicherheitskritischen Prozesses
US8285402B2 (en) * 2008-07-14 2012-10-09 Ge Intelligent Platforms, Inc. Method and system for safety monitored terminal block
WO2010052333A1 (fr) * 2008-11-10 2010-05-14 Airbus Operations Gmbh Procédé et dispositif de transmission de données via les noeuds d'un réseau
DE102008060005A1 (de) * 2008-11-25 2010-06-10 Pilz Gmbh & Co. Kg Sicherheitssteuerung und Verfahren zum Steuern einer automatisierten Anlage mit einer Vielzahl von Anlagenhardwarekomponenten
DE102008060010A1 (de) 2008-11-25 2010-06-02 Pilz Gmbh & Co. Kg Sicherheitssteuerung und Verfahren zum Steuern einer automatisierten Anlage
US8415609B2 (en) 2009-01-31 2013-04-09 Keyence Corporation Safety photoelectric switch
DE102009019096A1 (de) * 2009-04-20 2010-11-04 Pilz Gmbh & Co. Kg Sicherheitssteuerung und Verfahren zum Steuern einer automatisierten Anlage
DE102009054155A1 (de) * 2009-11-23 2011-05-26 Abb Ag Ein- und/oder Ausgabe-Sicherheitsmodul für ein Automatisierungsgerät
DE102009054157C5 (de) * 2009-11-23 2014-10-23 Abb Ag Steuerungssystem zum Steuern von sicherheitskritischen und nichtsicherheitskritischen Prozessen
TW201219727A (en) * 2010-11-03 2012-05-16 Chung Hsin Elec & Mach Mfg Control method for absorption air conditioning equipment
JP4877424B1 (ja) 2011-03-15 2012-02-15 オムロン株式会社 Plcのcpuユニット、plc用のシステムプログラムおよびplc用のシステムプログラムを格納した記録媒体
JP4877423B1 (ja) * 2011-03-15 2012-02-15 オムロン株式会社 Plcのcpuユニット、plc用システムプログラムおよびplc用システムプログラムを格納した記録媒体
JP6136228B2 (ja) * 2012-12-14 2017-05-31 オムロン株式会社 通信カプラ、通信システム、制御方法、およびプログラム
EP3327535B1 (fr) * 2013-04-16 2020-01-22 Watlow Electric Manufacturing Company Contrôleur de processus comportant une détection optique intégrée
DE102013112816A1 (de) * 2013-11-20 2015-05-21 Wieland Electric Gmbh Sicherheitssteuerung
US9582376B2 (en) 2014-11-14 2017-02-28 Invensys Systems, Inc. Unified communications module (UCM)
US10031502B2 (en) 2015-03-27 2018-07-24 Rockwell Automation Germany Gmbh & Co. Kg I/O expansion for safety controller
US10197985B2 (en) * 2015-10-29 2019-02-05 Rockwell Automation Germany Gmbh & Co. Kg Safety controller module
US9768572B1 (en) 2016-04-29 2017-09-19 Banner Engineering Corp. Quick-connector conversion system for safety controller
JP6977265B2 (ja) * 2017-01-27 2021-12-08 オムロン株式会社 マスタースレーブ制御システム、およびマスタースレーブ制御システムの制御方法
US10782665B2 (en) * 2017-06-30 2020-09-22 Cattron North America, Inc. Wireless emergency stop systems, and corresponding methods of operating a wireless emergency stop system for a machine safety interface
EP3644145A1 (fr) * 2018-10-25 2020-04-29 ABB Schweiz AG Système de commande de procédés critiques pour la sécurité et non critiques pour la sécurité
WO2020183559A1 (fr) * 2019-03-11 2020-09-17 三菱電機株式会社 Dispositif de commande de sécurité et système de commande de sécurité
US20210200178A1 (en) * 2019-12-31 2021-07-01 Schneider Electric Systems Usa, Inc. Secure network of safety plcs for industrial plants
US11797373B2 (en) 2021-12-13 2023-10-24 Nxp B.V. System and method for managing faults in integrated circuits
DE102022120198A1 (de) * 2022-08-10 2024-02-15 Pilz Gmbh & Co. Kg Modulare Steuerungseinrichtung
JP7459915B1 (ja) * 2022-10-27 2024-04-02 Smc株式会社 安全モジュールおよびモジュール連結体

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH0537980A (ja) * 1991-07-29 1993-02-12 Mitsubishi Electric Corp プラント監視装置
EP0905594A1 (fr) * 1997-09-26 1999-03-31 PHOENIX CONTACT GmbH & Co. Appareil de transmission de signaux de commande et de données et procédé de transmission de données relatives à la securité
JP2000259215A (ja) * 1999-03-12 2000-09-22 Omron Corp Plc用ツール装置、並びに、プログラム記録媒体
JP2001084014A (ja) * 1999-09-16 2001-03-30 Nippon Signal Co Ltd:The 生産設備制御システム

Family Cites Families (86)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US3803974A (en) * 1972-11-03 1974-04-16 Wahl W Corp Fire control system
US4625308A (en) * 1982-11-30 1986-11-25 American Satellite Company All digital IDMA dynamic channel allocated satellite communications system and method
JPS6062482A (ja) 1983-09-02 1985-04-10 フアナツク株式会社 ロボットの安全速度制御装置
US4715031A (en) * 1985-09-23 1987-12-22 Ford Motor Company Vehicular data transfer communication system
US4750171A (en) * 1986-07-11 1988-06-07 Tadiran Electronics Industries Ltd. Data switching system and method
JPH0697412B2 (ja) * 1987-08-12 1994-11-30 ファナック株式会社 高速入出力モジュール
JPS6435666U (fr) 1987-08-28 1989-03-03
JPH0430992Y2 (fr) 1987-08-31 1992-07-27
JPH0670820B2 (ja) 1989-09-29 1994-09-07 株式会社シーエスケイ 自動販売機データ収集システム
FR2654220B1 (fr) * 1989-11-03 1992-02-21 Inst Francais Du Petrole Systeme modulaire d'acquisition et de transmission de donnees sismiques a plusieurs niveaux de multiplexage.
US5282127A (en) * 1989-11-20 1994-01-25 Sanyo Electric Co., Ltd. Centralized control system for terminal device
DE3938735A1 (de) * 1989-11-23 1991-05-29 Standard Elektrik Lorenz Ag Einrichtung und verfahren zur ueberwachung einer navigationsanlage
WO1991011766A2 (fr) * 1990-01-30 1991-08-08 Johnson Service Company Systeme de gestion d'unites interconnectees en reseau
US5218680A (en) * 1990-03-15 1993-06-08 International Business Machines Corporation Data link controller with autonomous in tandem pipeline circuit elements relative to network channels for transferring multitasking data in cyclically recurrent time slots
US5631724A (en) * 1990-04-10 1997-05-20 Sanyo Electric Co., Ltd Centralized control system for terminal device
US5059953A (en) * 1990-04-10 1991-10-22 Pacific Scientific Company Infrared overheat and fire detection system
US5157780A (en) * 1990-06-12 1992-10-20 Advanced Micro Devices, Inc. Master-slave checking system
JPH0445697A (ja) 1990-06-13 1992-02-14 Nec Corp ポーリング方式
US5519607A (en) * 1991-03-12 1996-05-21 Research Enterprises, Inc. Automated health benefit processing system
GB2267984A (en) 1992-06-16 1993-12-22 Thorn Emi Electronics Ltd Multiplexing bus interface.
US5434872A (en) * 1992-07-28 1995-07-18 3Com Corporation Apparatus for automatic initiation of data transmission
US5400018A (en) * 1992-12-22 1995-03-21 Caterpillar Inc. Method of relaying information relating to the status of a vehicle
JPH06324719A (ja) 1993-05-14 1994-11-25 Omron Corp プログラマブルコントローラ
JPH07282090A (ja) 1994-04-14 1995-10-27 Toshiba Corp データ収集方式
US6524230B1 (en) * 1994-07-22 2003-02-25 Ranpak Corp. Packing material product and method and apparatus for making, monitoring and controlling the same
US5572195A (en) * 1994-08-01 1996-11-05 Precision Tracking Fm, Inc. Sensory and control system for local area networks
US5845253A (en) * 1994-08-24 1998-12-01 Rensimer Enterprises, Ltd. System and method for recording patient-history data about on-going physician care procedures
JPH08211792A (ja) 1995-02-03 1996-08-20 Mita Ind Co Ltd 画像形成装置の管理システム
DE19529434B4 (de) * 1995-08-10 2009-09-17 Continental Teves Ag & Co. Ohg Microprozessorsystem für sicherheitskritische Regelungen
US5841654A (en) * 1995-10-16 1998-11-24 Smar Research Corporation Windows based network configuration and control method for a digital control system
JP3282470B2 (ja) * 1995-11-08 2002-05-13 三菱電機株式会社 パソコンを用いた数値制御装置及びその制御方法
US5995916A (en) * 1996-04-12 1999-11-30 Fisher-Rosemount Systems, Inc. Process control system for monitoring and displaying diagnostic information of multiple distributed devices
DE19620137C2 (de) * 1996-05-07 2000-08-24 Daimler Chrysler Ag Protokoll für sicherheitskritische Anwendungen
US5786996A (en) * 1996-06-28 1998-07-28 Eaton Corporation Appliance control circuit comprising dual microprocessors for enhanced control operation and agency safety redundancy and software application method thereof
JP3317156B2 (ja) * 1996-09-18 2002-08-26 三菱電機株式会社 リモートplc装置を備えた数値制御装置
US6098109A (en) * 1996-12-30 2000-08-01 Compaq Computer Corporation Programmable arbitration system for determining priority of the ports of a network switch
US5907689A (en) * 1996-12-31 1999-05-25 Compaq Computer Corporation Master-target based arbitration priority
DE19718284C2 (de) * 1997-05-01 2001-09-27 Kuka Roboter Gmbh Verfahren und Vorrichtung zum Überwachen einer Anlage mit mehreren Funktionseinheiten
JP3485444B2 (ja) 1997-07-09 2004-01-13 新キャタピラー三菱株式会社 移動式作業機械管理システム及び管理方法並びに同管理システムのための移動式作業機械,ユーザ装置及び親装置
US6999824B2 (en) * 1997-08-21 2006-02-14 Fieldbus Foundation System and method for implementing safety instrumented systems in a fieldbus architecture
US6574234B1 (en) * 1997-09-05 2003-06-03 Amx Corporation Method and apparatus for controlling network devices
US6507804B1 (en) * 1997-10-14 2003-01-14 Bently Nevada Corporation Apparatus and method for compressing measurement data corelative to machine status
US6026348A (en) * 1997-10-14 2000-02-15 Bently Nevada Corporation Apparatus and method for compressing measurement data correlative to machine status
US6473811B1 (en) * 1998-03-13 2002-10-29 Canon Kabushiki Kaisha Method and apparatus for displaying a connection status of a device based on connection information
DE19814102C2 (de) * 1998-03-30 1999-05-12 Siemens Ag Datenübertragungsverfahren
US6285966B1 (en) 1998-06-25 2001-09-04 Fisher Controls International, Inc. Function block apparatus for viewing data in a process control system
US6640268B1 (en) * 1998-08-28 2003-10-28 Intel Corporation Dynamic polling mechanism for wireless devices
US6411863B1 (en) * 1998-11-02 2002-06-25 The Minster Machine Company Auxiliary control system for use with programmable logic controller in a press machine
JP2000148213A (ja) 1998-11-09 2000-05-26 Hitachi Ltd プログラマブルコントローラ
DE19905841A1 (de) * 1999-02-12 2000-08-24 Kuka Roboter Gmbh Vorrichtung zum Verarbeiten sicherheitsrelevanter Daten
US6633782B1 (en) 1999-02-22 2003-10-14 Fisher-Rosemount Systems, Inc. Diagnostic expert in a process control system
JP3794459B2 (ja) 1999-03-17 2006-07-05 オムロン株式会社 データ伝送システム並びに通信ユニット及び機器
US6762684B1 (en) * 1999-04-19 2004-07-13 Accutrak Systems, Inc. Monitoring system
DE19925693B4 (de) * 1999-06-04 2007-05-16 Phoenix Contact Gmbh & Co Schaltungsanordnung zur gesicherten Datenübertragung in einem ringförmigen Bussystem
DE19928517C2 (de) * 1999-06-22 2001-09-06 Pilz Gmbh & Co Steuerungssystem zum Steuern von sicherheitskritischen Prozessen
AU6837200A (en) * 1999-08-13 2001-03-13 Fraunhofer-Gesellschaft Zur Forderung Der Angewandten Forschung E.V. Home intercom system, transport platform for an intercom system and an intelligent mains receiver for a home intercom system
DE19939567B4 (de) * 1999-08-20 2007-07-19 Pilz Gmbh & Co. Kg Vorrichtung zum Steuern von sicherheitskritischen Prozessen
JP4176252B2 (ja) 1999-09-14 2008-11-05 株式会社イシダ 商品処理装置のメンテナンスシステム
US6915263B1 (en) * 1999-10-20 2005-07-05 Sony Corporation Digital audio decoder having error concealment using a dynamic recovery delay and frame repeating and also having fast audio muting capabilities
US6353867B1 (en) * 2000-01-14 2002-03-05 Insilicon Corporation Virtual component on-chip interface
US6585644B2 (en) * 2000-01-21 2003-07-01 Medtronic Minimed, Inc. Ambulatory medical apparatus and method using a telemetry system with predefined reception listening periods
US6532550B1 (en) * 2000-02-10 2003-03-11 Westinghouse Electric Company Llc Process protection system
JP3501762B2 (ja) * 2000-02-14 2004-03-02 キヤノン株式会社 情報処理装置及び方法
JP3827928B2 (ja) 2000-08-25 2006-09-27 Ntn株式会社 機械部品の監視システム
JP2002073121A (ja) 2000-08-24 2002-03-12 Fuji Electric Co Ltd ネットワーク制御システム、その通信モジュール、及びリモート制御方法
DE10053763C2 (de) * 2000-10-30 2002-10-17 Pilz Gmbh & Co Feldbussystem zum Steuern von sicherheitskritischen Prozessen sowie Busanschaltmodul zur Verwendung in einem solchen Feldbussystem
KR100626675B1 (ko) * 2000-12-21 2006-09-22 삼성전자주식회사 무선 통신기기 및 그 제어방법
US6795871B2 (en) * 2000-12-22 2004-09-21 General Electric Company Appliance sensor and man machine interface bus
GB2371449A (en) * 2001-01-22 2002-07-24 Nokia Mobile Phones Ltd Synchronizing a new device to a synchronized network of devices
WO2002077871A1 (fr) * 2001-02-26 2002-10-03 Walter Reed Army Institute Of Research Explorateur permettant d'enregistrer un accident ou un incident
US6477335B1 (en) * 2001-05-11 2002-11-05 Troy Group, Inc. Toner cartridge identification system for a printer
US7369902B2 (en) * 2001-05-31 2008-05-06 Omron Corporation Slave units and network system as well as slave unit processing method and device information collecting method
EP1396963B1 (fr) * 2001-05-31 2010-01-27 Omron Corporation Systeme reseau de securite, esclaves de securite, controleur de securite, procede de communication, procede de collecte d'information et procede de surveillance dans un reseau de securite
JP4280003B2 (ja) * 2001-05-31 2009-06-17 株式会社日立製作所 遠隔保守方法および産業用機器
EP1396772B1 (fr) 2001-05-31 2008-03-05 Omron Corporation Unite securisee, systeme de commande, procede de concatenation de dispositifs de commande, procede de commande de systeme de commande, et procede de surveillance de systeme de commande
EP2256562B1 (fr) * 2001-06-22 2012-01-25 Omron Corporation Contrôleur de sécurité
WO2003001307A1 (fr) * 2001-06-22 2003-01-03 Omron Corporation Systeme de reseau de securite, esclave de securite, et procede de communication
WO2003001749A1 (fr) * 2001-06-22 2003-01-03 Omron Corporation Systeme de reseau securise et esclave securise
JP2003037545A (ja) * 2001-07-23 2003-02-07 Nec Corp 近距離無線機能付き移動局及びその消費電力低減方法
JP3988559B2 (ja) * 2002-07-18 2007-10-10 オムロン株式会社 通信システム、通信装置及び通信制御方法
US7289861B2 (en) * 2003-01-28 2007-10-30 Fisher-Rosemount Systems, Inc. Process control system with an embedded safety system
US6975966B2 (en) * 2003-01-28 2005-12-13 Fisher-Rosemount Systems, Inc. Integrated diagnostics in a process plant having a process control system and a safety system
US6898542B2 (en) * 2003-04-01 2005-05-24 Fisher-Rosemount Systems, Inc. On-line device testing block integrated into a process control/safety system
US7027880B2 (en) * 2003-09-30 2006-04-11 Rockwell Automation Technologies, Inc. Safety controller providing rapid recovery of safety program data
DE10353950C5 (de) * 2003-11-18 2013-10-24 Phoenix Contact Gmbh & Co. Kg Steuerungssystem
DE102004034862A1 (de) * 2004-07-19 2006-03-16 Siemens Ag Automatisierungssystem und Ein-/Ausgabebaugruppe für dasselbe

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH0537980A (ja) * 1991-07-29 1993-02-12 Mitsubishi Electric Corp プラント監視装置
EP0905594A1 (fr) * 1997-09-26 1999-03-31 PHOENIX CONTACT GmbH & Co. Appareil de transmission de signaux de commande et de données et procédé de transmission de données relatives à la securité
JP2000259215A (ja) * 1999-03-12 2000-09-22 Omron Corp Plc用ツール装置、並びに、プログラム記録媒体
JP2001084014A (ja) * 1999-09-16 2001-03-30 Nippon Signal Co Ltd:The 生産設備制御システム

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See also references of EP1396772A4 *

Cited By (23)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPWO2003001306A1 (ja) * 2001-06-22 2004-10-14 オムロン株式会社 安全ネットワークシステム及び安全スレーブ並びに安全コントローラ
JP4586061B2 (ja) * 2003-01-28 2010-11-24 フィッシャー−ローズマウント システムズ, インコーポレイテッド 安全システム
DE102004003569B4 (de) 2003-01-28 2023-03-30 Fisher-Rosemount Systems, Inc. Prozessanlage, Sicherungssystem zur Verwendung in einer Prozessanlage und Verfahren zum Durchführen von Sicherungsprozeduren in einer Prozessanlage
JP2008102953A (ja) * 2003-01-28 2008-05-01 Fisher Rosemount Syst Inc プロセスプラントのコンフィギュレーションシステム
DE102004003571B4 (de) * 2003-01-28 2015-02-12 Fisher-Rosemount Systems, Inc. Prozesssteuerungssystem mit eingebettetem Sicherheitssystem
JP4610602B2 (ja) * 2003-01-28 2011-01-12 フィッシャー−ローズマウント システムズ, インコーポレイテッド 安全ロジックモジュールシステム
JP4586062B2 (ja) * 2003-01-28 2010-11-24 フィッシャー−ローズマウント システムズ, インコーポレイテッド プロセスプラントのコンフィギュレーションシステム
JP2004234655A (ja) * 2003-01-28 2004-08-19 Fisher Rosemount Syst Inc プロセス制御システムおよび安全システムを備えるプロセスプラントにおける統合型診断
JP2008077687A (ja) * 2003-01-28 2008-04-03 Fisher Rosemount Syst Inc 安全システム
JP2004234658A (ja) * 2003-01-28 2004-08-19 Fisher Rosemount Syst Inc プロセス制御システムおよび安全システムを備えるプロセスプラントにおける統合型コンフィギュレーション
JP2008102954A (ja) * 2003-01-28 2008-05-01 Fisher Rosemount Syst Inc 安全ロジックモジュールシステム
EP1493960A2 (fr) * 2003-06-30 2005-01-05 Keyence Corporation Système de relais de sécurité
EP1493960A3 (fr) * 2003-06-30 2009-12-16 Keyence Corporation Système de relais de sécurité
KR100720273B1 (ko) 2003-07-08 2007-05-22 오므론 가부시키가이샤 세이프티 컨트롤러 및 그것을 이용한 시스템
EP1496411A3 (fr) * 2003-07-08 2006-08-02 Omron Corporation Commande de sécurité et système l' utilisant
JP2007533045A (ja) * 2004-04-19 2007-11-15 ベックホフ オートメーション ゲーエムベーハー 安全性指向の制御システム
US8335573B2 (en) 2004-04-19 2012-12-18 Beckhoff Automation Gmbh Safety-oriented control system
US7787968B2 (en) 2004-07-29 2010-08-31 Jtekt Corporation Safe PLC, sequence program creation support software and sequence program judgment method
WO2006011584A1 (fr) * 2004-07-29 2006-02-02 Jtekt Corporation Courant porteur en ligne (cpl) sécurisé, logiciel d’assistance à la création de programme de séquences, et procédé de détermination de programme de séquences
JP4538749B2 (ja) * 2005-12-21 2010-09-08 横河電機株式会社 統合制御システム
JP2007172256A (ja) * 2005-12-21 2007-07-05 Yokogawa Electric Corp 統合制御システム
JP2011008642A (ja) * 2009-06-26 2011-01-13 Fuji Electric Holdings Co Ltd 安全装置および電力変換器
US11424865B2 (en) 2020-12-10 2022-08-23 Fisher-Rosemount Systems, Inc. Variable-level integrity checks for communications in process control environments

Also Published As

Publication number Publication date
EP1396772A4 (fr) 2004-09-08
US7813813B2 (en) 2010-10-12
JPWO2002097543A1 (ja) 2004-09-16
DE60225443D1 (de) 2008-04-17
US20040210326A1 (en) 2004-10-21
DE60225443T2 (de) 2009-03-26
EP1396772A1 (fr) 2004-03-10
US20080306613A1 (en) 2008-12-11
EP1396772B1 (fr) 2008-03-05
JP3997988B2 (ja) 2007-10-24
US7430451B2 (en) 2008-09-30

Similar Documents

Publication Publication Date Title
WO2002097543A1 (fr) Unite securisee, systeme de commande, procede de concatenation de dispositifs de commande, procede de commande de systeme de commande, et procede de surveillance de systeme de commande
JP4338354B2 (ja) スレーブ
JP4893931B2 (ja) セーフティ・コントローラ
EP1406134B1 (fr) Systeme de reseau securise, esclave securise et controleur securise
JP3925495B2 (ja) スレーブ及びネットワークシステム並びにスレーブの処理方法及び機器情報収集方法
JP4504165B2 (ja) 制御システム
US9934111B2 (en) Control and data transmission system, process device, and method for redundant process control with decentralized redundancy
US7120820B2 (en) Redundant control system and control computer and peripheral unit for a control system of this type
KR100689323B1 (ko) 필드버스 네트워크 다중화 시스템
JP2002237823A (ja) プロセス制御システムにおける冗長装置
JP4722613B2 (ja) 分散制御システム
JP2002118579A (ja) コンフィギュレーションデバイスおよびシステム
JP2002358106A (ja) 安全コントローラ
JPWO2003001307A1 (ja) 安全ネットワークシステム及び安全スレーブ並びに通信方法
JP4569838B2 (ja) コントローラシステムの設定方法並びにコントローラシステムのモニタ方法
JP4492635B2 (ja) 安全コントローラ及びコントローラシステム並びにコントローラの連結方法及びコントローラシステムの制御方法
CN101471555A (zh) 安全主机
CN101609421A (zh) 运算处理装置的多重控制系统及多重控制方法
JP4941365B2 (ja) 産業用コントローラ
JP2004054907A (ja) プログラマブルコントローラ及びcpuユニット並びに通信ユニット及び通信ユニットの制御方法
JP2005174306A (ja) 通信インタフェースおよびネットワークシステムならびにプログラマブルコントローラ
EP1850554A2 (fr) Communications sécurisées dans un réseau
JPH0262606A (ja) Cncの診断方式
JP5088490B2 (ja) 二重化コントローラ
JP3349618B2 (ja) エレベータ監視システム

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ OM PH PL PT RO RU SD SE SG SI SK SL TJ TM TN TR TT TZ UA UG US UZ VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
WWE Wipo information: entry into national phase

Ref document number: 2003500660

Country of ref document: JP

WWE Wipo information: entry into national phase

Ref document number: 2002730857

Country of ref document: EP

WWP Wipo information: published in national office

Ref document number: 2002730857

Country of ref document: EP

REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

WWE Wipo information: entry into national phase

Ref document number: 10478515

Country of ref document: US

WWG Wipo information: grant in national office

Ref document number: 2002730857

Country of ref document: EP